[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: IP aliasing
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, 18 Jun 2008, DAve wrote:
> Good morning,
> I have been told by my Network Administrator that we will be changing IP
> blocks for several key services very soon. I have three new DNS servers
> running NetBSD on the new IP block already. I also have two legacy DNS servers
> (also on NetBSD) that I need to drag along behind me for a few more months.
> My new IP block is 65.124.104.X and my old IP block is 65.196.224.X. Is it
> possible to have a single machine answer for both IPs on a single interface?
> The network Gods claim they can route the traffic to me no problem, but I am
> unsure how to configure the alias for the interface.
> Old address: 184.108.40.206
> Netmask: 255.255.255.0
> Gateway: 220.127.116.11
> New address: 18.104.22.168
> Netmask: 255.255.255.224
> Gateway: 22.214.171.124
> Is it even possible to alias the old address with the new gateway?
you can have both ip's on the same interface with:
ifconfig intX inet 126.96.36.199/27
ifconfig intX inet 188.8.131.52/24 alias
As for the default routes:
Depends on what your trying to do - i think you're going to have to talk
to your local network guys - if the machines that are trying to reach the
old ip's are reachable via the new gateway (and the new gateway won't be
confused by packets coming from old ip's coming in on it's new ip
interface). Then just set the default route to the new gatway and be
done with it.
There is no straight forward way on NetBSD to have two default routes, but
if the set of machines that want to talk to the old ip's is known then you
can add routes to just them via the old gateway with:
route add -net oldmachinesnetblock/mask 184.108.40.206
The other way is to use ipf 'fastroute' rule to shift the packets around
manually, something like:
pass out on intX fastroute intX : 220.127.116.11 from 18.104.22.168/24 to any
(You'll need to test that carefully, i may have the syntax wrong. Tcpdump
is your friend, run it from a machine other than the server your testing,
so you can see what going on on the wire, oh, and consider pf as well,
(look for the 'route-to' option)).
 I am making assumptions about your network setup here, they may be
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (NetBSD)
-----END PGP SIGNATURE-----
Main Index |
Thread Index |